[....] Starting enhanced syslogd: rsyslogd[ 16.635497] audit: type=1400 audit(1518290500.076:5): avc: denied { syslog } for pid=4015 comm="rsyslogd" capability=34 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=capability2 permissive=1 [ ok ]. Starting mcstransd: [....] Starting periodic command scheduler: cron [ ok ]. [....] Starting file context maintaining daemon: restorecond [ ok ]. [....] Starting OpenBSD Secure Shell server: sshd [ ok ]. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 22.286619] audit: type=1400 audit(1518290505.727:6): avc: denied { map } for pid=4157 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts. executing program [ 28.539265] audit: type=1400 audit(1518290511.980:7): avc: denied { map } for pid=4171 comm="syzkaller972441" path="/root/syzkaller972441253" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 28.566747] [ 28.568447] ============================= [ 28.572609] WARNING: suspicious RCU usage [ 28.576774] 4.15.0+ #222 Not tainted [ 28.580494] ----------------------------- [ 28.584647] ./include/linux/rcupdate.h:302 Illegal context switch in RCU read-side critical section! 
[ 28.593931] [ 28.593931] other info that might help us debug this: [ 28.593931] [ 28.602087] [ 28.602087] rcu_scheduler_active = 2, debug_locks = 1 [ 28.608771] 1 lock held by syzkaller972441/4171: [ 28.613536] #0: (rcu_read_lock){....}, at: [<00000000d3409432>] __rds_conn_create+0xe46/0x1b50 [ 28.622524] [ 28.622524] stack backtrace: [ 28.627034] CPU: 1 PID: 4171 Comm: syzkaller972441 Not tainted 4.15.0+ #222 [ 28.634112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 28.643442] Call Trace: [ 28.646011] dump_stack+0x194/0x257 [ 28.649619] ? arch_local_irq_restore+0x53/0x53 [ 28.654752] lockdep_rcu_suspicious+0x123/0x170 [ 28.659402] ___might_sleep+0x385/0x470 [ 28.663351] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 28.669211] ? __debug_object_init+0x235/0x1040 [ 28.673858] ? lock_acquire+0x1d5/0x580 [ 28.677810] ? debug_mutex_init+0x1c/0x60 [ 28.681938] __might_sleep+0x95/0x190 [ 28.685719] kmem_cache_alloc_trace+0x299/0x740 [ 28.690362] ? lock_acquire+0x1d5/0x580 [ 28.694308] ? lock_acquire+0x1d5/0x580 [ 28.698261] ? __rds_conn_create+0xe46/0x1b50 [ 28.702735] rds_loop_conn_alloc+0xc8/0x380 [ 28.707031] ? rds_loop_conn_free+0x290/0x290 [ 28.711505] ? __init_waitqueue_head+0x97/0x140 [ 28.716152] ? rcutorture_record_progress+0x10/0x10 [ 28.721147] ? __lockdep_init_map+0xe4/0x650 [ 28.725534] __rds_conn_create+0x112f/0x1b50 [ 28.729935] ? rds_conn_drop+0xb0/0xb0 [ 28.733795] ? find_held_lock+0x35/0x1d0 [ 28.737837] ? __might_fault+0x110/0x1d0 [ 28.741883] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 28.747739] ? free_unref_page+0x9e0/0x9e0 [ 28.751951] ? rcu_note_context_switch+0x710/0x710 [ 28.756870] ? kasan_check_write+0x14/0x20 [ 28.761087] ? copyin+0x91/0xb0 [ 28.764343] ? copy_page_from_iter+0x50e/0x7c0 [ 28.768909] ? _copy_from_iter+0xf30/0xf30 [ 28.773126] ? _raw_spin_unlock_bh+0x30/0x40 [ 28.777515] ? 
rds_message_copy_from_user+0x29e/0x370 [ 28.782684] rds_conn_create_outgoing+0x3f/0x50 [ 28.787346] rds_sendmsg+0xda3/0x2390 [ 28.791120] ? avc_has_perm+0x43e/0x680 [ 28.795080] ? rds_send_drop_to+0x19d0/0x19d0 [ 28.799554] ? _raw_spin_unlock_irq+0x27/0x70 [ 28.804040] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 28.809042] ? find_held_lock+0x35/0x1d0 [ 28.813092] ? sock_has_perm+0x2a4/0x420 [ 28.817131] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 28.822473] ? lock_release+0xa02/0xa40 [ 28.826423] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 28.832283] ? __check_object_size+0x8b/0x530 [ 28.836761] ? __handle_mm_fault+0x80e/0x3ce0 [ 28.841239] ? __might_sleep+0x95/0x190 [ 28.845194] ? selinux_socket_sendmsg+0x36/0x40 [ 28.849840] ? security_socket_sendmsg+0x89/0xb0 [ 28.854573] ? rds_send_drop_to+0x19d0/0x19d0 [ 28.859046] sock_sendmsg+0xca/0x110 [ 28.862736] SYSC_sendto+0x361/0x5c0 [ 28.866432] ? SYSC_connect+0x4a0/0x4a0 [ 28.870389] ? __do_page_fault+0x5f7/0xc90 [ 28.874609] ? lock_downgrade+0x980/0x980 [ 28.878745] ? handle_mm_fault+0x43b/0x970 [ 28.882973] ? up_read+0x1a/0x40 [ 28.886321] ? __do_page_fault+0x3d6/0xc90 [ 28.890537] ? mm_fault_error+0x2c0/0x2c0 [ 28.894662] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 28.900180] SyS_sendto+0x40/0x50 [ 28.903612] ? SyS_getpeername+0x30/0x30 [ 28.907653] do_syscall_64+0x282/0x940 [ 28.911515] ? __do_page_fault+0xc90/0xc90 [ 28.915725] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 28.920457] ? syscall_return_slowpath+0x550/0x550 [ 28.925358] ? syscall_return_slowpath+0x2ac/0x550 [ 28.930259] ? prepare_exit_to_usermode+0x350/0x350 [ 28.935251] ? retint_user+0x18/0x18 [ 28.938941] ? 
trace_hardirqs_off_thunk+0x1a/0x1c [ 28.943763] entry_SYSCALL_64_after_hwframe+0x26/0x9b [ 28.948926] RIP: 0033:0x43fd99 [ 28.952094] RSP: 002b:00007ffc923ada38 EFLAGS: 00000217 ORIG_RAX: 000000000000002c [ 28.959783] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd99 [ 28.967025] RDX: 000000000000fffa RSI: 00000000204b3fff RDI: 0000000000000003 [ 28.974269] RBP: 00000000006ca018 R08: 00000000202b4000 R09: 0000000000000010 [ 28.981513] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004016c0 [ 28.988770] R13: 0000000000401750 R14: 0000000000000000 R15: 0000000000000000 [ 28.996357] BUG: sleeping function called from invalid context at mm/slab.h:420 [ 29.003822] in_atomic(): 1, irqs_disabled(): 0, pid: 4171, name: syzkaller972441 [ 29.011370] 1 lock held by syzkaller972441/4171: [ 29.016142] #0: (rcu_read_lock){....}, at: [<00000000d3409432>] __rds_conn_create+0xe46/0x1b50 [ 29.025110] CPU: 1 PID: 4171 Comm: syzkaller972441 Not tainted 4.15.0+ #222 [ 29.032194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 29.041522] Call Trace: [ 29.044097] dump_stack+0x194/0x257 [ 29.047702] ? arch_local_irq_restore+0x53/0x53 [ 29.052350] ? print_lock+0x9f/0xa2 [ 29.055950] ? lockdep_print_held_locks+0xc4/0x130 [ 29.060859] ___might_sleep+0x2b2/0x470 [ 29.064807] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 29.070664] ? __debug_object_init+0x235/0x1040 [ 29.075305] ? lock_acquire+0x1d5/0x580 [ 29.079255] ? debug_mutex_init+0x1c/0x60 [ 29.083381] __might_sleep+0x95/0x190 [ 29.087164] kmem_cache_alloc_trace+0x299/0x740 [ 29.091815] ? lock_acquire+0x1d5/0x580 [ 29.095765] ? lock_acquire+0x1d5/0x580 [ 29.099713] ? __rds_conn_create+0xe46/0x1b50 [ 29.104193] rds_loop_conn_alloc+0xc8/0x380 [ 29.108491] ? rds_loop_conn_free+0x290/0x290 [ 29.112971] ? __init_waitqueue_head+0x97/0x140 [ 29.117746] ? rcutorture_record_progress+0x10/0x10 [ 29.122751] ? 
__lockdep_init_map+0xe4/0x650 [ 29.127150] __rds_conn_create+0x112f/0x1b50 [ 29.131552] ? rds_conn_drop+0xb0/0xb0 [ 29.135424] ? find_held_lock+0x35/0x1d0 [ 29.139469] ? __might_fault+0x110/0x1d0 [ 29.143518] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 29.149375] ? free_unref_page+0x9e0/0x9e0 [ 29.153598] ? rcu_note_context_switch+0x710/0x710 [ 29.158506] ? kasan_check_write+0x14/0x20 [ 29.162723] ? copyin+0x91/0xb0 [ 29.165981] ? copy_page_from_iter+0x50e/0x7c0 [ 29.170541] ? _copy_from_iter+0xf30/0xf30 [ 29.174753] ? _raw_spin_unlock_bh+0x30/0x40 [ 29.179140] ? rds_message_copy_from_user+0x29e/0x370 [ 29.184305] rds_conn_create_outgoing+0x3f/0x50 [ 29.188955] rds_sendmsg+0xda3/0x2390 [ 29.192730] ? avc_has_perm+0x43e/0x680 [ 29.196695] ? rds_send_drop_to+0x19d0/0x19d0 [ 29.201174] ? _raw_spin_unlock_irq+0x27/0x70 [ 29.205651] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 29.210648] ? find_held_lock+0x35/0x1d0 [ 29.214709] ? sock_has_perm+0x2a4/0x420 [ 29.218747] ? selinux_secmark_relabel_packet+0xc0/0xc0 [ 29.224083] ? lock_release+0xa02/0xa40 [ 29.228039] ? trace_event_raw_event_sched_switch+0x810/0x810 [ 29.233901] ? __check_object_size+0x8b/0x530 [ 29.238371] ? __handle_mm_fault+0x80e/0x3ce0 [ 29.242846] ? __might_sleep+0x95/0x190 [ 29.246799] ? selinux_socket_sendmsg+0x36/0x40 [ 29.251441] ? security_socket_sendmsg+0x89/0xb0 [ 29.256177] ? rds_send_drop_to+0x19d0/0x19d0 [ 29.260652] sock_sendmsg+0xca/0x110 [ 29.264344] SYSC_sendto+0x361/0x5c0 [ 29.268042] ? SYSC_connect+0x4a0/0x4a0 [ 29.272000] ? __do_page_fault+0x5f7/0xc90 [ 29.276220] ? lock_downgrade+0x980/0x980 [ 29.280350] ? handle_mm_fault+0x43b/0x970 [ 29.284572] ? up_read+0x1a/0x40 [ 29.287912] ? __do_page_fault+0x3d6/0xc90 [ 29.292302] ? mm_fault_error+0x2c0/0x2c0 [ 29.296427] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 29.301943] SyS_sendto+0x40/0x50 [ 29.305368] ? SyS_getpeername+0x30/0x30 [ 29.309406] do_syscall_64+0x282/0x940 [ 29.313267] ? __do_page_fault+0xc90/0xc90 [ 29.317479] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 29.322212] ? syscall_return_slowpath+0x550/0x550 [ 29.327126] ? syscall_return_slowpath+0x2ac/0x550 [ 29.332043] ? prepare_exit_to_usermode+0x350/0x350 [ 29.337041] ? retint_user+0x18/0x18 [ 29.340733] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 29.345556] entry_SYSCALL_64_after_hwframe+0x26/0x9b [ 29.350715] RIP: 0033:0x43fd99 [ 29.353880] RSP: 002b:00007ffc923ada38 EFLAGS: 00000217 ORIG_RAX: 000000000000002c [ 29.361562] RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd99 [ 29.368809] RDX: 000000000000fffa RSI: 00000000204b3fff RDI: 0000000000000003 [ 29.376062] RBP: 00000000006ca018 R08: 00000000202b4000 R09: 0000000000000010 [ 29.383304] R10: 0000000000000000 R11: 0000000000000217 R12: 00000000004016c0 [ 29.390547] R13: 0000000000